How do I restrict users to read-only access to their Home Directories?

Last Update: 7/20/2016 1:37 PM

Answer:

You can restrict users to read-only access to their Home Directories through the Active Directory Users and Computers console on the AD controller, or via PowerShell.

This article provides a sample script that can be used to help with this process.

Prerequisites:

  • Create a CSV file containing all the usernames (SAMAccountName).
  • Install the required AD module on the machine that you're running the script from.

Example script:

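Import-Module ActiveDirectory
# The CSV needs a "name" column header holding each SAMAccountName
Import-Csv E:\usersname.csv | ForEach-Object {
    # Query AD for the HomeDirectory attribute (the folder path; HomeDrive holds only the mapped drive letter)
    $homeDir = (Get-ADUser -Identity $_.name -Properties HomeDirectory).HomeDirectory
    $ACL = Get-Acl $homeDir
    # SetAccessRule replaces the user's existing explicit Allow entries with a single Read entry
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "None", "Allow")
    $ACL.SetAccessRule($rule)
    Set-Acl $homeDir $ACL
}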
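
To confirm the change, the following added example (not part of the original article) re-reads each home directory's ACL and reports any Allow entry naming the user that still grants write-type rights, including inherited entries, which SetAccessRule leaves in place. It assumes the same CSV with a `name` column and that the folder path is stored in the HomeDirectory attribute; rights granted through group membership are not evaluated.

```powershell
Import-Module ActiveDirectory

# Rights that let a user change content, permissions or ownership
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear on inherit-only entries
$genericMask = 0x50000000

$findings = Import-Csv E:\usersname.csv | ForEach-Object {
    $sam  = $_.name   # assumed CSV column header, as in the script above
    $user = Get-ADUser -Identity $sam -Properties HomeDirectory
    $path = $user.HomeDirectory
    if (-not $path -or -not (Test-Path -LiteralPath $path)) {
        Write-Warning "${sam}: home directory missing or unreachable"
        return
    }
    # Explicit and inherited rules, with identities returned as SIDs
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $rights = [int]$rule.FileSystemRights
        if ($rule.IdentityReference.Value -eq $user.SID.Value -and
            $rule.AccessControlType -eq 'Allow' -and
            (($rights -band $writeMask) -or ($rights -band $genericMask))) {
            [pscustomobject]@{
                User = $sam; Path = $path; Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output 'No direct write-type Allow entries found for the listed users.' }
```

A row with Inherited set to True means the write access comes from a parent folder and has to be addressed there or by breaking inheritance on the home directory.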